Thanks Nelson. Just after I sent out the question, I came up with a workaround - exported the key/cert to a P12, imported into a JKS keystore, generated the CSR using the existing key-pair, approved the cert and imported the cert into the NSS database. Worked like a charm (of course, this wouldn't have worked with a token that would not have given up the private key).
Glad to know that a new build of certutil will address this problem. Thanks.

Arshad Noor

Nelson B wrote:
> Arshad Noor wrote:
>
>>I'm trying to use certutil to renew a certificate with an existing
>>key-pair. However, it appears that the -R option always generates
>>a new key-pair; how does one generate a CSR using existing keys with
>>certutil? Or should I be using some other tool? TIA.
>
> Hi Arshad,
>
> This is the subject of bugzilla bug
> https://bugzilla.mozilla.org/show_bug.cgi?id=341371
> which is now fixed on the trunk, which will eventually become NSS 3.12.
>
> There are no builds of NSS 3.12 available yet, but if you're willing to
> pull and build the trunk, you can find a solution there.
> _______________________________________________
> dev-tech-crypto mailing list
> dev-tech-crypto@lists.mozilla.org
> https://lists.mozilla.org/listinfo/dev-tech-crypto
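
Whichever route produces the renewal CSR, it is worth confirming that the request really carries the existing public key and was not silently re-keyed, which is the behaviour of `-R` described in the thread. The script below is an added example, not part of the original messages and not NSS code. It uses `openssl` rather than certutil or keytool, and it assumes the existing certificate and the new CSR are available as PEM files; the function names and file names are hypothetical.

```shell
#!/bin/sh
# Added example: check that a renewal CSR reuses the key pair of an
# existing certificate. Assumes both inputs are PEM files.

# Returns 0 if the CSR's public key equals the certificate's public key,
# 1 if the keys differ, 2 if an input is unreadable or the CSR's
# self-signature (proof of possession) does not verify.
csr_reuses_cert_key() {
    cert=$1
    csr=$2
    # The status line wording differs between OpenSSL versions, but both
    # contain "verify OK" on success.
    openssl req -in "$csr" -noout -verify 2>&1 | grep -q "verify OK" || return 2
    cert_pub=$(openssl x509 -in "$cert" -noout -pubkey 2>/dev/null) || return 2
    csr_pub=$(openssl req -in "$csr" -noout -pubkey 2>/dev/null) || return 2
    [ -n "$cert_pub" ] && [ "$cert_pub" = "$csr_pub" ]
}

# Constructed sample data: a throwaway key with a self-signed certificate,
# one CSR made from that same key (renewal) and one made from a fresh key
# (re-key). Nothing here comes from the thread.
make_samples() {
    d=$1
    openssl ecparam -name prime256v1 -genkey -noout -out "$d/old.key" 2>/dev/null
    openssl req -new -x509 -key "$d/old.key" -subj "/CN=example.test" \
        -days 1 -out "$d/old.crt" 2>/dev/null
    openssl req -new -key "$d/old.key" -subj "/CN=example.test" \
        -out "$d/renew.csr" 2>/dev/null
    openssl ecparam -name prime256v1 -genkey -noout -out "$d/new.key" 2>/dev/null
    openssl req -new -key "$d/new.key" -subj "/CN=example.test" \
        -out "$d/rekey.csr" 2>/dev/null
}

# Usage: sh check_csr.sh existing-cert.pem renewal.csr
if [ "$#" -eq 2 ]; then
    if csr_reuses_cert_key "$1" "$2"; then
        echo "CSR uses the same key pair as the certificate"
    else
        echo "CSR does NOT match the certificate's key" >&2
        exit 1
    fi
fi
```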